package com.hazelcast.config.replacer;

import com.hazelcast.config.replacer.spi.ConfigReplacer;
import com.hazelcast.internal.util.Preconditions;
import com.hazelcast.logging.ILogger;
import com.hazelcast.logging.Logger;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import java.util.Properties;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:BOOT-INF/lib/hazelcast-5.3.6.jar:com/hazelcast/config/replacer/AbstractPbeReplacer.class */
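/**
 * Base class for config replacers that protect configuration values with
 * password-based encryption (PBE).
 *
 * <p>An encrypted value has the textual form
 * {@code base64(salt):iterations:base64(ciphertext)}. The key is derived from
 * {@link #getPassword()} with the configured {@code SecretKeyFactory} algorithm
 * (default {@value #DEFAULT_SECRET_KEY_FACTORY_ALGORITHM}), a random salt and the
 * iteration count embedded in the value.
 *
 * <p>Security notes for reviewers and operators:
 * <ul>
 *   <li>The cipher is initialised with the key only; no IV or other algorithm
 *       parameters are passed or stored in the output. Transformations that need an
 *       IV on decryption (CBC, GCM, ...) therefore cannot round-trip through this
 *       class as written.</li>
 *   <li>The default transformation name is the bare string
 *       {@value #DEFAULT_CIPHER_ALGORITHM}. On the JDK's bundled provider that
 *       resolves to ECB mode with PKCS5 padding; other providers may differ. The
 *       per-value random salt yields a distinct key for each encrypted value, but
 *       identical blocks inside one value still encrypt identically.</li>
 *   <li>The output carries no MAC or authentication tag, so this scheme gives
 *       confidentiality only; it does not detect modification of the stored value.</li>
 *   <li>The iteration count is read from the encrypted value itself and is only
 *       checked to be positive. Whoever can write the configuration chooses the
 *       key-derivation cost.</li>
 *   <li>{@code securityProvider} is applied to the {@code Cipher} lookup only; the
 *       {@code SecretKeyFactory} is always resolved through the default provider
 *       order.</li>
 * </ul>
 */
public abstract class AbstractPbeReplacer implements ConfigReplacer {
    public static final String PROPERTY_CIPHER_ALGORITHM = "cipherAlgorithm";
    public static final String PROPERTY_SECRET_KEY_FACTORY_ALGORITHM = "secretKeyFactoryAlgorithm";
    public static final String PROPERTY_SECRET_KEY_ALGORITHM = "secretKeyAlgorithm";
    public static final String PROPERTY_KEY_LENGTH_BITS = "keyLengthBits";
    public static final String PROPERTY_SALT_LENGTH_BYTES = "saltLengthBytes";
    public static final String PROPERTY_SECURITY_PROVIDER = "securityProvider";
    public static final String DEFAULT_CIPHER_ALGORITHM = "AES";
    public static final String DEFAULT_SECRET_KEY_FACTORY_ALGORITHM = "PBKDF2WithHmacSHA256";
    private final ILogger logger = Logger.getLogger(AbstractPbeReplacer.class);
    private String cipherAlgorithm;
    private String secretKeyFactoryAlgorithm;
    private String secretKeyAlgorithm;
    private String securityProvider;
    private int keyLengthBits;
    private int saltLengthBytes;

    /**
     * Reads the algorithm names and sizes from the replacer properties.
     *
     * <p>Defaults: cipher and secret-key algorithm {@value #DEFAULT_CIPHER_ALGORITHM},
     * key factory {@value #DEFAULT_SECRET_KEY_FACTORY_ALGORITHM}, 128-bit key,
     * 8-byte salt. No security provider is set unless configured.
     *
     * @param properties replacer configuration
     * @throws NumberFormatException if a numeric property is not a valid integer
     */
    @Override
    public void init(Properties properties) {
        this.securityProvider = properties.getProperty(PROPERTY_SECURITY_PROVIDER);
        this.cipherAlgorithm = properties.getProperty(PROPERTY_CIPHER_ALGORITHM, DEFAULT_CIPHER_ALGORITHM);
        this.secretKeyFactoryAlgorithm = properties.getProperty(PROPERTY_SECRET_KEY_FACTORY_ALGORITHM, DEFAULT_SECRET_KEY_FACTORY_ALGORITHM);
        this.secretKeyAlgorithm = properties.getProperty(PROPERTY_SECRET_KEY_ALGORITHM, DEFAULT_CIPHER_ALGORITHM);
        this.keyLengthBits = Integer.parseInt(properties.getProperty(PROPERTY_KEY_LENGTH_BITS, "128"));
        this.saltLengthBytes = Integer.parseInt(properties.getProperty(PROPERTY_SALT_LENGTH_BYTES, "8"));
        Preconditions.checkPositive(this.keyLengthBits, "Key length has to be positive number");
        Preconditions.checkPositive(this.saltLengthBytes, "Salt length has to be positive number");
    }

    /**
     * Supplies the password from which the encryption key is derived.
     *
     * @return the password characters; {@code null} or an empty array is rejected
     *         when a value is encrypted or decrypted
     */
    protected abstract char[] getPassword();

    /**
     * Decrypts a masked configuration value.
     *
     * <p>Every failure (bad format, wrong password, unknown algorithm, ...) is
     * logged at warning level together with the masked value and reported to the
     * caller as {@code null}; no exception escapes.
     *
     * @param maskedValue value in the {@code salt:iterations:ciphertext} form
     * @return the decrypted text, or {@code null} if decryption failed
     */
    @Override
    public String getReplacement(String maskedValue) {
        try {
            return decrypt(maskedValue);
        } catch (Exception e) {
            // Only the encrypted form is logged here, never the plaintext.
            this.logger.warning("Unable to decrypt variable " + maskedValue, e);
            return null;
        }
    }

    /**
     * Encrypts a value with a freshly generated random salt.
     *
     * <p>Decompiler note: this method is {@code protected} in the original class
     * file; the access modifier was widened by the decompiler.
     *
     * @param secretStr plaintext to protect
     * @param iterations key-derivation iteration count; must be positive
     * @return {@code base64(salt):iterations:base64(ciphertext)}
     * @throws Exception if key derivation or encryption fails
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public String encrypt(String secretStr, int iterations) throws Exception {
        byte[] salt = new byte[this.saltLengthBytes];
        new SecureRandom().nextBytes(salt);
        byte[] encrypted = transform(Cipher.ENCRYPT_MODE, secretStr.getBytes(StandardCharsets.UTF_8), salt, iterations);
        Base64.Encoder encoder = Base64.getEncoder();
        return encoder.encodeToString(salt) + ":" + iterations + ":" + encoder.encodeToString(encrypted);
    }

    /**
     * Decrypts a value produced by {@link #encrypt(String, int)}.
     *
     * @param encryptedStr value in the {@code salt:iterations:ciphertext} form
     * @return the decrypted text
     * @throws Exception if the value is malformed, the salt length differs from the
     *         configured one, or key derivation / decryption fails
     */
    protected String decrypt(String encryptedStr) throws Exception {
        String[] parts = encryptedStr.split(":");
        Preconditions.checkTrue(parts.length == 3, "Wrong format of the encrypted variable (" + encryptedStr + ")");
        byte[] salt = Base64.getDecoder().decode(parts[0].getBytes(StandardCharsets.UTF_8));
        Preconditions.checkTrue(salt.length == this.saltLengthBytes, "Salt length doesn't match.");
        byte[] encrypted = Base64.getDecoder().decode(parts[2].getBytes(StandardCharsets.UTF_8));
        // The iteration count comes from the stored value; transform() only checks
        // that it is positive, so there is no upper or lower policy bound here.
        int iterations = Integer.parseInt(parts[1]);
        return new String(transform(Cipher.DECRYPT_MODE, encrypted, salt, iterations), StandardCharsets.UTF_8);
    }

    /**
     * Derives the key from the password and runs the cipher in the given mode.
     *
     * @param cryptMode {@link Cipher#ENCRYPT_MODE} or {@link Cipher#DECRYPT_MODE}
     * @param value bytes to encrypt or decrypt
     * @param salt key-derivation salt
     * @param iterations key-derivation iteration count; must be positive
     * @return the cipher output
     * @throws Exception if an algorithm is unavailable, the password is empty, or
     *         the cipher operation fails
     */
    private byte[] transform(int cryptMode, byte[] value, byte[] salt, int iterations) throws Exception {
        Preconditions.checkPositive(iterations, "Count of iterations has to be positive number.");
        SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance(this.secretKeyFactoryAlgorithm);
        char[] password = getPassword();
        Preconditions.checkTrue(password != null && password.length > 0, "Empty password is not supported");
        PBEKeySpec pbeKeySpec = new PBEKeySpec(password, salt, iterations, this.keyLengthBits);
        byte[] derivedKey = null;
        try {
            derivedKey = secretKeyFactory.generateSecret(pbeKeySpec).getEncoded();
            SecretKeySpec secretKeySpec = new SecretKeySpec(derivedKey, this.secretKeyAlgorithm);
            Cipher cipher = this.securityProvider == null
                    ? Cipher.getInstance(this.cipherAlgorithm)
                    : Cipher.getInstance(this.cipherAlgorithm, this.securityProvider);
            // Key-only init: no IV/parameters are supplied or persisted.
            cipher.init(cryptMode, secretKeySpec);
            return cipher.doFinal(value);
        } finally {
            // PBEKeySpec and SecretKeySpec hold their own copies, so wiping these
            // does not affect the cipher. The array returned by getPassword() is
            // left untouched because a subclass may hand out a shared instance.
            pbeKeySpec.clearPassword();
            if (derivedKey != null) {
                Arrays.fill(derivedKey, (byte) 0);
            }
        }
    }
}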
